Linuxhotel

Villa Vogelsang

DNS and Bind

Basics of the domain name system

The domain name system (DNS) is the internet's heartbeat. It provides the directory of computer names and IP addresses, comparable to the telephone book that connects names and phone numbers. Any time you use the internet via a browser, FTP program or email application, you rely on the continuous service of the domain name system.

The DNS is:

The world's largest distributed database, with more than a million servers cooperating as one world-wide database.

Studies show that more than 50% of all DNS servers on the Internet are configured incorrectly. This has a negative effect on the overall speed of internet communication and can block access to web pages or other internet services.

Faulty DNS server configurations can pose a security risk.

New standards and technologies are based on DNS and increase the importance of correct DNS configuration. DNS security (DNSSEC) requires an error-free DNS delegation; ENUM connects resources from the telecommunications and internet realms; internationalized DNS (IDN) enables the use of DNS names in arbitrary character sets. To ensure the availability of new and established internet services, network administrators have to understand the concepts and configurations related to DNS.

Who should participate in this training course?

Network technicians, network designers, system administrators - in short, everyone in charge of design, planning or operation of DNS and TCP/IP based networks.

Tutors

Our trainer Carsten Strotmann has been working for over 15 years with Linux/Unix and DNS in TCP/IP networks. Since 2003, he has been coaching the training program of the DNS specialists Men & Mice and conducting world-wide training courses on the topics DNS, DNSSEC, DHCP and IPv6. Carsten cooperates closely with producers of DNS software (ISC BIND, NLNetLabs NSD/unbound and Microsoft DNS) and is an active contributor to the RIPE and IETF DNS task forces.

Prerequisites for attending

The training course will be conducted in English; the courseware and the majority of internet sources will also be available in English.

Basic knowledge of the Unix/Linux command line (shell) is assumed as a prerequisite, as well as basic knowledge of Unix/Linux-based TCP/IP networks.

If you feel uncertain on this point, we will be glad to assist you via email or phone.

Course contents

History of the DNS

ARPAnet and the HOSTS.TXT file

Introduction of DNS

Basic DNS theory

The namespace

Nodes and labels

Domain names

Domains and subdomains

Delegation and zones

Primary master and slave name servers

The DNS packet format

Resolvers

Name resolution

Recursive and iterative DNS requests

Caching

Roundtrip time

DNS in practice

Generic top-level domains

Country-code top-level domains

Organisation of top-level domains

Registrars and registries

Root name servers

Root name server anycast

BIND

History of the BIND nameserver

Choosing a BIND version

Master file format and resource records

Resource record syntax

A, AAAA, PTR, NS, MX, SRV, TXT, CNAME, and SOA records

Classless reverse-delegation with CNAME (RFC 2317)

DNS and spam-protection (SPF / DKIM)

DNS and mailserver best practices

Name server configuration and administration

Compiling BIND from sources

Syntax of the BIND configuration file “named.conf”

Cryptographic keys

Address match lists

Access control lists (ACLs)

Control configuration for RNDC

Zone definition

Configuring and using RNDC

Resolver theory and configuration

Local Domain Name

DNS Search list

Querying name servers

Unix/Linux resolver configuration

Sequence of name resolution services

Windows 2000/2003/XP/Vista/Windows 7 DNS resolver configuration

Basic name server security

BIND Versions

Single points of failure

DNS and firewalls

Controlling DNS requests

Controlling DNS zone transfers

DNSIND

DNS dynamic update, theory and configuration

NOTIFY theory and configuration

Incremental zone transfer

Dynamic updates using BIND in a Windows network

Troubleshooting

nslookup

dig

Troubleshooting strategies

Frequent errors

Course schedule

Early arrival is possible on the eve of the first seminar day until 10 p.m. The fireplace room and the garden already invite you to a cosy round of shop talk.

The daily schedule runs from 9 a.m. to 6 p.m. (including two coffee breaks and a lunch break), consisting of approximately 60% instruction and 40% exercises. Needless to say, every participant works with his "own" dedicated notebook computer, often in step with the tutor.

After that, it's time for dinner and various offerings like shop talks, excursions et cetera. We aim to create an ambience for a relaxed exchange among experts. If you'd rather have a bit of privacy, nothing's compulsory here.